Abstract
Android permission system enforces access control to those privacy-related resources in Android phones. Unfortunately, the permission system could be bypassed when the phone is rooted. On a rooted phone, processes can run with root privilege and can arbitrarily access any resources without permission. Many people are willing to root their Android phones to uninstall pre-installed applications, flash third party ROMs, backup their phones and so on. People use rootkit tools to root their phones. The mainstream rootkit tools in China are provided by some well-known security vendors. Besides root, these vendors also provide the one-click-unroot function to unroot a phone. The unroot process gives users a feeling that their phones will roll back to the original safe state. In this paper, we present the security threats analysis of permission system on phones rooted once and unrooted later. On these phones, two categories of attacks: tampering data files attack and tampering code files attack are carried out. Also, the attacks’ detection rate, damage degree, influence range, and survivability in the real word are analyzed. Analysis result shows even under Antivirus’ monitoring, these attacks towards permission system can still be carried out and survive after the phone is unrooted. Therefore, the permission system faces a long-term compromise. The potential defense solutions are also discussed.
The work is supported by a grant from the National Basic Research Program of China (973 Program, No. 2013CB338001).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alves, T., Felton, D.: Trustzone: Integrated hardware and software security. ARM White Paper 3(4) (2004)
Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: Pscout: analyzing the android permission specification. In: ACM CCS (2012)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R.: XMandroid: a new android evolution to mitigate privilege escalation attacks. Technische Universität Darmstadt, Technical Report TR-2011-04 (2011)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B.: Towards taming privilege-escalation attacks on android. In: 19th NDSS (2012)
Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: 9th MobiSys (2011)
Conti, M., Nguyen, V.T.N., Crispo, B.: Crepe: Context-related policy enforcement for android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 331–345. Springer, Heidelberg (2011)
Davi, L., Dmitrienko, A., Egele, M., Fischer, T., Holz, T., Hund, R., NĂĽrnberger, S., Sadeghi, A.R.: Mocfi: A framework to mitigate control-flow attacks on smartphones. In: NDSS (2012)
Dietrich, K., Winter, J.: Secure boot revisited. In: ICYCS (2008)
Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., Wallach, D.S.: Quire: Lightweight provenance for smart phone operating systems. In: USENIX Security (2011)
Duo Security: X-ray for Android (2012), http://www.xray.io/
Ekberg, J.E.: Secure boot with trusted computing group platform registers, US Patent US20120297175 A1 (November 22, 2012)
Enck, W., Ongtang, M., McDaniel, P.: Mitigating android software misuse before it happens. Technical Report NAS-TR-0094-2008 (September 2008)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: 16th ACM CCS (2009)
Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: 18th ACM CCS (2011)
Felt, A.P., Wang, H.J., Moshchuk, A., Hanna, S., Chin, E.: Permission re-delegation: Attacks and defenses. In: USENIX Security Symposium (2011)
Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: Automated security certification of android applications. Univ. of Maryland (2009) (manuscript)
Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock android smartphones. In: Proceedings of the 19th NDSS (2012)
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: 18th ACM CCS (2011)
Kai, T., Xin, X., Guo, C.: The secure boot of embedded system based on mobile trusted module. In: ISDEA (2012)
LifeHacker: Top 10 reasons to root your android phone, http://lifehacker.com/top-10-reasons-to-root-your-android-phone-1079161983
Nauman, M., Khan, S., Zhang, X.: Apex: extending android permission model and enforcement with user-defined runtime constraints. In: 5th ACM CCS (2010)
NC State University: Security alert: New sophisticated android malware droidkungfu found in alternative chinese app markets (2011), http://www.csc.ncsu.edu/faculty/jiang/DroidKungFu.html
NetQin: 2012 moblie phone security report (2012), http://cn.nq.com/neirong/2012shang.pdf
Nicolson, K.A.: Secure boot with optional components method, US Patent US20100318781 A1 (December 16, 2010)
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in android. In: SCN (2012)
Schlegel, R., Zhang, K., Zhou, X.Y., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: A stealthy and context-aware sound trojan for smartphones. In: NDSS (2011)
Smalley, S., Craig, R.: Security Enhanced (SE) Android: Bringing Flexible MAC to Android. In: NDSS (2013)
Symantec: Android.basebridge (2011), http://www.symantec.com/security_response/writeup.jsp?docid=2011-060915-4938-99
Toptenreviews: 2014 Best Mobile Security Software Comparisons and Reviews (2014), http://mobile-security-software-review.toptenreviews.com/
Trusted Computing Group (TCG): Mobile Phone Work Group Mobile Trusted Module Specification (2010), http://www.trustedcomputinggroup.org/developers/mobile/specifications
viaForensics: Defeating SEAndroid C DEFCON 21 Presentation, http://viaforensics.com/mobile-security/implementing-seandroid//-defcon-21-presentation.html (March 8, 2013)
Winter, J.: Trusted computing building blocks for embedded linux-based arm trustzone platforms. In: 3rd ACM Workshop on Scalable Trusted Computing (2008)
Zhou, Y., Jiang, X.: Dissecting android malware: Characterization and evolution. In: Security and Privacy (SP), pp. 95–109. IEEE (2012)
Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93–107. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhang, Z., Wang, Y., Jing, J., Wang, Q., Lei, L. (2014). Once Root Always a Threat: Analyzing the Security Threats of Android Permission System. In: Susilo, W., Mu, Y. (eds) Information Security and Privacy. ACISP 2014. Lecture Notes in Computer Science, vol 8544. Springer, Cham. https://doi.org/10.1007/978-3-319-08344-5_23
Download citation
DOI: https://doi.org/10.1007/978-3-319-08344-5_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08343-8
Online ISBN: 978-3-319-08344-5
eBook Packages: Computer ScienceComputer Science (R0)